Key Takeaways: Retail Threat Briefing Webinar with R-CISC

In the era of Amazon and mainstream e-commerce, every online retailer has to deliver a compelling user experience across their web and mobile channels while protecting customers from cyberattacks and fraud. Recently, Shape collaborated with R-CISC to share attack data and analysis of the most prevalent threats for retailers and best practices on how Top 10 Retailers are mitigating these threats.

Analysis of Top Online Retail Threats

Credential StuffingCredential stuffing is responsible for more than 99% of all retail account takeovers (ATOs). In one attack on a top 50 retailer, Shape identified over 13.8 million automated posts against a login endpoint, using 80,000 unique IP’s, sustained for 10 days. Prior to blocking, this retailer identified 328,000 account takeovers.

Gift Card CrackingFor some retailers Shape has observed that over 98.5% of their traffic to gift card endpoints is automated. Gift card cracking is popular because it’s relatively easy to monetize and often done anonymously. Criminals impersonate real users and steal valid gift card numbers by exploiting the retailers’ own applications for purchases, transfers and checking gift card balances.

Fake Account CreationFake account creation is often used for future fraud including promotions, points, fake reviews and surveys. In one client example, 16k fake accounts were attempted to be created in just a week. Stopping attacks requires the fast identification of automated attackers and manual fraudsters without adding any friction for actual customers.

ScalpingScalping bots obtain limited availability items, often resulting in items being sold out in minutes. A common scenario is bots buying up high demand concert tickets, congesting the main user flow for everyone else, resulting in a bad user experience and brand reputation damage for a retailer’s most loyal customers.

One client experienced a staggering 99.84% of scalping traffic as part of its total traffic leading up to the November Black Friday period. The scalping traffic was instantly blocked once it started routing through Shape. Again, fast implementation is key—especially during peak online shopping periods.

How are Top 10 Retailers Preventing Attacks

Here are some of the best practices we observed from the top ten retailers who have successfully protected their businesses from the most damaging threats: